Platform
nvidia
Component
nvidia-delegated-licensing-service
Fixed in
3.6.1
3.1.9
CVE-2026-24241 describes an improper authentication vulnerability within the NVIDIA Delegated Licensing Service. Successful exploitation could lead to information disclosure, potentially exposing sensitive data. This vulnerability affects all versions of the service prior to version 3.6. A patch has been released by NVIDIA, resolving the issue.
The primary impact of CVE-2026-24241 is the potential for information disclosure. An attacker who successfully exploits this vulnerability could gain access to confidential data managed by the NVIDIA Delegated Licensing Service. The specific data exposed would depend on the service's configuration and the attacker's privileges. While the description doesn't specify the exact data at risk, it could include licensing keys, user credentials, or other sensitive information. The blast radius is limited to systems running the vulnerable NVIDIA Delegated Licensing Service, but the consequences of data exposure could be significant, particularly if the exposed data is used to compromise other systems or services.
CVE-2026-24241 was publicly disclosed on February 24, 2026. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of the vulnerability (improper authentication) and the potential for information disclosure, it's prudent to monitor for potential exploitation attempts.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-24241 is to upgrade the NVIDIA Delegated Licensing Service to version 3.6 or later. This version includes a fix for the improper authentication issue. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing stricter access controls and monitoring for suspicious activity related to the licensing service. While a direct workaround isn't specified, reviewing and hardening the service's configuration to minimize the potential impact of a successful exploit is recommended. After upgrading, confirm the fix by verifying that authentication checks are functioning correctly and that no unauthorized access attempts are logged.
Update the NVIDIA License System DLS component to version 3.6 or later. This will resolve the improper authentication vulnerability and prevent potential information disclosure.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-24241 is a vulnerability in NVIDIA Delegated Licensing Service where an improper authentication issue could lead to information disclosure. It has a MEDIUM severity rating (CVSS 4.3) and affects versions prior to 3.6.
If you are using NVIDIA Delegated Licensing Service on an appliance platform and are running a version prior to 3.6, you are potentially affected by this vulnerability. Check your version and upgrade accordingly.
The recommended fix is to upgrade the NVIDIA Delegated Licensing Service to version 3.6 or later. This resolves the improper authentication issue.
As of February 24, 2026, there are no publicly known active exploitation campaigns or proof-of-concept exploits for CVE-2026-24241.
Refer to the official NVIDIA security advisory for CVE-2026-24241. The specific link will be available on the NVIDIA security website once published.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.